Some of our customers have asked how they can view, in a single command, which Ubuntu versions they are running and whether their instances are attached to an Ubuntu Pro subscription.
With Ubuntu 20.04 reaching its end of support by the end of May and multiple ways to activate an Ubuntu Pro subscription, customers need a reliable way to understand their Ubuntu state, especially at scale.
We will use AWS Systems Manager (SSM), which has the capability to run commands inside every managed machine under Fleet Management.
Requirements
To follow this guide, you need:
- A Linux machine: This could be your workstation or another EC2 instance.
- AWS CLI installed.
- SSM permissions: Either AWS CLI configured with an account that has permission to run SSM commands or an EC2 machine with SSM permissions attached as a role.
- Your machines must be SSM-managed and appear under the “Fleet Management” menu in SSM.
The AWS CLI allows you to run SSM commands just like in the web console. However, using the CLI provides flexibility to manipulate output and link results to other commands.
Our goal is to generate an Excel-readable sheet containing the instance ID, Ubuntu version, and whether the instance is attached to an Ubuntu Pro subscription.
Below, we outline the process before presenting a complete Bash script to automate the task.
Step 1: Get all Your Ubuntu managed machines
First, we need to retrieve all instances managed by SSM. Since the output contains more information than needed, we will use the --query argument to filter only the instance ID, platform name (OS), and platform version (e.g., 20.04, 22.04, 24.04):
aws ssm describe-instance-information \
--query "InstanceInformationList[*].[InstanceId, PlatformName, PlatformVersion]" \
--no-paginate \
--output text
Since this command retrieves all managed instances (not just Ubuntu), we need to filter the results using grep. Attach the following after the previous command:
| grep 'Ubuntu'
Currently, there is no built-in filtering by OS in the describe-instance-information command.
Step 2: Send an Ad-hoc command to each instance
To determine if an instance is attached to Ubuntu Pro, we need to run the following command inside each machine:
sudo pro status --format yaml | grep attached
This extracts the attached status from the pro status output in YAML format. If the instance is Pro-enabled, the output will be:
attached: true
To execute this command remotely on each instance, we use aws ssm send-command with the AWS-RunShellScript document:
aws ssm send-command \
--instance-ids "$instanceID" \
--document-name "AWS-RunShellScript" \
--comment "Pro Status" \
--parameters commands="sudo pro status --format yaml | grep attached" \
--query "Command.CommandId" \
--output text
Since this command runs asynchronously, it returns a CommandId that we will use to retrieve the output later.
Step 3: Retrieve the command output
To check the command execution status, use:
aws ssm list-command-invocations \
--command-id "$command_id" \
--details \
--query "CommandInvocations[0].Status" \
--output text
If the status is Success, we can extract the output:
aws ssm list-command-invocations \
--command-id "$command_id" \
--details \
--query "CommandInvocations[0].CommandPlugins[0].Output" \
--output text
This command fetches only the relevant output from the command invocation.
Step 4: Automate the process with a script
To streamline this process, we use a Bash script that:
- Retrieves all Ubuntu instances managed by SSM.
- Sends the
pro statuscommand to each instance. - Implements a retry mechanism to handle delays in command execution.
- Outputs instance details in a structured format.
#!/bin/bash
# Get all Ubuntu managed instances
instances=$(aws ssm describe-instance-information --query "InstanceInformationList[*].[InstanceId, PlatformName, PlatformVersion]" --no-paginate --output text | grep 'Ubuntu')
# Query each instance by running a shell-script command
while read -r line; do
# Extract the instance ID (first column)
instanceID=$(echo "$line" | awk '{print $1}')
# Send the command and capture the Command ID
command_id=$(aws ssm send-command \
--instance-ids "$instanceID" \
--document-name "AWS-RunShellScript" \
--comment "UA Status" \
--parameters commands="sudo pro status --format yaml | grep attached" \
--query "Command.CommandId" \
--output text)
if [[ -z "$command_id" ]]; then
echo "$line Failed to send command"
continue
fi
# Retry mechanism
max_retries=10
sleep_time=5
attempt=1
status="InProgress"
while [[ "$status" == "InProgress" || "$status" == "Pending" ]]; do
if (( attempt > max_retries )); then
echo "$line Max retries reached. Skipping..."
break
fi
status=$(aws ssm list-command-invocations \
--command-id "$command_id" \
--details \
--query "CommandInvocations[0].Status" \
--output text)
if [[ "$status" == "Success" ]]; then
output=$(aws ssm list-command-invocations \
--command-id "$command_id" \
--details \
--query "CommandInvocations[0].CommandPlugins[0].Output" \
--output text)
break
fi
sleep "$sleep_time"
((attempt++))
done
echo "$line $output"
done <<< "$instances"
Example Output
i-0f45639632b5b0a79 Ubuntu 22.04 attached: true
i-0027c5909b1d95b96 Ubuntu 24.04 attached: false
i-05837539fc263ddbe Ubuntu 20.04 attached: true
i-0d014199681cfa791 Ubuntu 22.04 attached: true
This script provides an efficient way to monitor Ubuntu versions and Pro subscriptions across your fleet.
Save this bash script with a name, say ubuntu-state.sh add execute permissions with chmod +x ubuntu-state.sh and run it as follows, to generate a csv file (it will be separated by tabs instead of commas):
./ubuntu-state.sh >> my_ubuntu_state.csv
Customization
If you need additional information from the instances, modify the command being executed. You can also integrate this data with AWS metadata to enhance your reporting.
In my personal case, I have added information about available ESM packages to improve the fleet security status visibility.
Final comments
By leveraging AWS Systems Manager (SSM), you can efficiently retrieve information about your Ubuntu instances, including their version numbers and Ubuntu Pro subscription status. This approach eliminates the need for manual instance checks, providing a scalable and automated way to monitor your fleet. The included Bash script not only simplifies the process but also ensures reliability with built-in retries.
You can further customize this solution by gathering additional system metadata, integrating it into monitoring dashboards, or automating compliance checks. With these tools, managing Ubuntu instances at scale becomes more efficient, ensuring your infrastructure remains up to date and properly subscribed to Ubuntu Pro when needed.